General
Target: stub.bat
Size: 867KB
Sample: 241120-mq78gavgje
MD5: f65ecc66084cc75a6bcda07794a6bfb5
SHA1: e685a1984125f488d2ad1cfe0249507b00167bca
SHA256: f7d2ec7a0b0c15e517390da081883f43689e72a354ce159761b38b4c809b2efe
SHA512: 282481405afe2b0d7feb12ce5ca4d8605c4cfed4d3fcc24130761e72109511939c995399d2b3012fab97ea747a1d4fcc140cf38cf7e2f8248f4b4f80958c922d
SSDEEP: 24576:B+kyXhdQe4INLAiGFEmPe9KaCr/b9lfqSNFU:+XEXSq/5lqoU
Static task: static1
Behavioral task: behavioral1
Sample: stub.bat
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: stub.bat
Score: 10/10
- Adds policy Run key to start application
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (2)
Defense Evasion
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Impair Defenses (1)
    Disable or Modify Tools (1)
  Modify Registry (4)